From a9aa1424e3c37bd0213c63df10173acadade761c Mon Sep 17 00:00:00 2001
From: Scott Addie <10702007+scottaddie@users.noreply.github.com>
Date: Thu, 14 Nov 2019 14:45:42 -0600
Subject: [PATCH] Replace cert authN README content with link to official doc
 (#16906)

---
 .../Certificate/src/README-IISConfig.png      | Bin 10168 -> 0 bytes
 .../Authentication/Certificate/src/README.md  | 205 +-----------------
 2 files changed, 2 insertions(+), 203 deletions(-)
 delete mode 100644 src/Security/Authentication/Certificate/src/README-IISConfig.png

diff --git a/src/Security/Authentication/Certificate/src/README-IISConfig.png b/src/Security/Authentication/Certificate/src/README-IISConfig.png
deleted file mode 100644
index 3af15e9d0652fba1a66b1704d7990e68ba98bba3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 10168
zcmb_?cTiK`w=W(1A|)uj2}lzNf(R&0njk%bfP{`99SOZRm4vGFj)L?mz4w{`f)pvz
ziC{wSHN3<9-Fb80+<9}~Z|41xa^~!PX76>@TA$Bnt&PypQla>V=^s2iJc<{pN-y#7
z@Rxx9lVl{ockEp*Ip7E1?WKwWUik>iU*Ll1t-Pi@9^Us@@=FV1;QH1()z@x#c$D2Y
zAN+oo!Z&z$yqYhR<n_Ewx90ucF`tC6?+Tj|EegL#5bW1tAv{c7M&DPDaoSCLkrpMO
zqZu3jt>xI4RdepPVXU8`hLtB6yk0)O+|!2i?0BO2^nF2)?W`6Tk5~6^<u{LHd6S#D
zFsh#&`N_7ZqwZs^U(hYm+=}x)Jb?;!aKnk^sn<d$P99Yg9M{Wj-dUk<Uj$d?-&vFa
z1?_#Hmse6!g7%ln(tto?be4E`Kp@6od<`X~H+UouL7>n03?0A#67&C;8^M}aLL1pp
zM6Mp^B<0#aRwX1hr_Gw*ud{ljWK=J!$YuBDUYsnC`xWob^dt9Xv>z8%aB_0ao{8rX
zU(S2sXo60UBTpAH<@!`ND?kpX_*t@dd-FaRZ7!OG|9C8WThCC$(}hKj>5MvPztwD|
z9k(HLxjRpeVS&Tpo^_!lyJuLd)3EyHU5SHh!s_}qI98&?(D-!y*&)>)uHPfYD9WO)
zg{2^{74D_tV)6AG(Nr-_&!%U_MIz(%flI||EbhY2xG4ad$px5VM6VK0)?<5T_h;{Q
zl+LB__Y!|9I;3of3R_wK&h;^0RzSn;gGw&P>J@F$3ai~#)bzm`uf^Ovo~{ptBe!_M
z+&bhnQ|EM<!)bi=HAt@YH0$YGPR^Xnf_wOvtsRS<Ug&m<@0Xm#Ta%|lZBnORr0RQ?
zZY<fw_I)8H+^2u4{dN&owbOnZFQm`&3M#LcR{6>bpCJZG4z83n%wjDus|-j_LW*_|
z@~hRw&P6kCGZTWFRaY(J1)lu0zHB5zRX!%Grkyscr*FS=tt;K!AEEL<u&^?aX4#g@
z62vUqUO@B;ZKF3~&}CoU-Euc<=8b}N07WU9Hl+#FA1)W!?S8~=wQ{As`U7_YO-V^J
zNLEU>FC^q~6@2<}!WDRJdd!qda=5dShWZ_X2TY~YuN+j0=08?d(M(Jq=MFXDH8;}L
zCpk(=y#3fX@zK77I4Q-j(h&CBhCq<V(2;Ipt4L+I+=Q>9b~!#9zH*$}+91i$n|&5o
z4z_y~{k6XL8__3E+rO;31-xh-mr{D69KrT`C=VH!$orTm>{kOVz-#Rk@h|(#E{Ox}
zu0a}OWPesghTvZUN`J@16<-rZ9+?QH$%VH|Byw0*ch;6rHnaJX{h?uA;q=P2gm=6z
zOo?St;^6{+JWC~$ZJ|}Xk`<r~;Qp8$eJK=pJmS)mpqWFIe`n#3e9!70nqy6|+DQ4c
zL#scnFU~5LtXSJ%RKV+mABA-*SyfW1DH6Ziu^4n6UO6RbZo!sv%8>Gp@JbaLT;5~9
z+s#dn(-n+i&RGCAv({_aC?VA#FCj67e6a|*V+d##^tolFi0_VoRV^ov!X@wG45|7N
zOWS#uas%#4doMGaMO(0PNh$Img&sed>g(Z}t9wqx_}7><BVn_2nIKNi2jV`YyHY!*
z{X%mtN~p&%7vmtMZuJ~m>BzYgC&@=R;dhwr0O`8By|QD-s{zM8O;EW+@(Kf0KecI8
z1jolbIGM%g7RVS;3_>M-Fk+r6fQfv(gEzZ1q<30Su#Q+M`}CG<15DRM^o1g;@BD<l
zM4c{C6T?A$v4_#q(a+yo3|bU)M)2#+m0jxd9nt$gF?si!>J6sU6Y{)rV~^@=F$j)E
zHYFu0cnjgFic4$khw~Q+B<YYdD&a4G6shbBpwtwtQQ5fm*9noIOrlbD1wak$Wc_=c
z{w(Yx$|4>?pp$JC>MXOa6@|N>dnJ>UbX1fj`;#mUQ<{ZCeel)YEPiJ-M9%bH@Rf;t
zmD{arT2p|1fgJCUv`A(hW!RP<?bl|V@e-6h<}*U2Ioo?@+7CP#eUicFh7kGj#prDV
zRRAMOs#l=u7W{Sk!_oXH`tC0(NqOOw#ufUf)&izw^i;LEi~Pt5rWc|^nF}_zd9b~T
zyR_ffv*ETE15&}lI1EV+=d-Q$OOqipA0js^ZBDxLf1Gi?x6sWfbCJYV%n&E|2Y98J
z!FdR5?r(!%y>fQx$UuI=$@xYZFPuw_Or`f8d$${T;etb_B9%#>u{VAa4S7yJLtvnl
z8@La4Lea&=mPlujq;Cl9B@uhs@9U@Z#phumg_a7h*10ifdu$|wpmefu&C2h}X7!KW
zcvl6<zhH%mBwLsxCbk4<-sAW9p9jEZ^hs~|WyKE5j^u;kwr>Zef-C0R2oG|Izn6IM
zg-{%0OyE6U-8}5cr711V!OfNpk3oH`B2n6c=9bb?j3Vy~=&3>YEFhuf4gb69E3S63
z9|uAil++tb13`(_;(B`egmeP=-4@18@q0hN61>aRuIW<X?07>yQ8dSz1_TaT^qPa^
zgyd(JK<8JnuVD;AzyB#Rwv|hxi;j7Y?yBri<r69Y_(0mJWQu%S939px%A2;vbDRx6
z4QJrY*}A`jm(_GfWsp>}QpTTLAFE>65J)_Rkm?u``{O)pv4Z&~sxhD1zt(?{LZ@i>
zerH9GL47}CZ-~Z{)0^ugnL1I(0@M>J3SYNukYMcIe0h6Jl|O$++4VxgtwAd5(yILl
zOJ=v4*9HvFM)pT4uw3iRc3)z*4y>^cPLHzeFKcT$KPZPE<J*{)f!Hfma;S$Y?dSW$
zIXGu!_bHbKLW%d>v{x5!>Tp?K%I{CeZCsK#{NMhQH0YY3rL~+zw&Ex8=iT+{L%Qt<
z3mCq7ygD4-pJGdl;&{qs)WI1{-%FhZSU1M<*y>K8#{nhSG>~1wCCbXz^47^)n+a~0
zawR<Ewz*GMwPL-x#4q17q<GK_cZQ@_n(XcF0rLEGW;f%8^TYz$vVcI5R5;s1AJTUL
z!?Hcy`bt5UEGr_+Y9}#W?o@_pvmbU%#%5ckqEEM8EA0$%cuEPfb;A+&#G{2f#Q50?
z=#(5@*99uyTa3IXUHg95{qA@8t09?CDy7UNcZOd!=wBHa9VcfsL2vbjG45`QVeq^$
z7A@d}D`^UheBWf+sUao5<JYfHRa=q4b9{2QhBpLWIE`lQ@H^4(c6NE@|CK0mJ(CZi
zY~ITL+<%3QvtBTzkwtNh3)JSdPE8*Yg?KoWgLa_nbVxON|Dwjzn*K1yJ0pHs>Q47h
z|GPZ#jO42}L%3a^p-vJvZ(-z*n$>!>wtR5or@n_`31=07wn~Ao3m6g4P5u=s^R~KO
z_FtBSwxh@7Dx^G{%xada-2|9vpM4J~zsEVN;X_(^uxGSqNv`Ht+p)$rWKteJ$ceig
zA%@tr!9^XYm(zEw&R3K*Om1_Yk3|*o8nsqoeQW@nt)c+pVtbp0jz@`lF*agK=Qf?g
zEhLiZ-E|n#v{t>9-Ns3<pWp804vS8*v0<*v$mBXl_|tpZMfSp;$Xe4jSZ2`5KX2rW
z#<57VpFcfUpT^{vyw3@`Cscfdlu&XrHE5=^yvkfSJY`i-G4eXlS@{QC<K)gu19IX5
z-Ylw`ioc@HaMQBznZKv-pFVnvtFFZ_mjlqkv!B{awn0?k?Y?)cQ@VOKE>arZY276H
zzw=>+7eQqUdwg^@$(1$Kpk?L|+sg;-AQL0gNMv!iMe7A)LWJD52Sw~kcEDaWCXW0?
z;9GGb_KAZ}MdWFryB}5<v@&&uYZs~}s7!20=MOTlDeaf`vC<M5(q3sS8C)Btdjdw5
zS-i@I7tlN7x*=r-ZSwmq<(Dz8ur}C+or3C<*v#ipmD`9Nu@k3L#oM4UPs^u!^LO^>
z&AcJ3!}HOx+qtz@Vsu?1BJ_{`&^dD$1(I4{F9&rxRw&K*KYnnMWOeP#jFFWM#&%OQ
zT;V?q?0sL1)b3`f=VFWIaE{>(B$~bZieTOm5h;g63Mx1C_ekpKLPI+xu5YPrS-!8M
zpAq%)9g`kdOy%MH87GpQ9L`?cabV`HbU#l+9b#@2ivIg3r9moeutel{yF@es`pEnG
z=lwv&Gt!}}-1aVB+~n(NlvPTz7c;r~I6Uo-GM;d!F=yzMbEq<<cszr)bp6Z_Uq#(2
z6|N|3xmlBY1i#uZ70zd}fG>D87j$(WgH_joI6t@cxy6KGGEb|s*jpvbx9Mt-cpN_H
z@TkGZn&6jQQ{<Rmd*{MpYgk0TOQ)V2Ejf3x2z%?t57SPDC_HE?W0ENOW}?2{#Iz2?
zMP;j8)PHNBV1oPQ_qg`07EB!i^JGaOgNv7Q)(+q!+Tv3y(>rn@Ce3Q!o7-q6le7Aq
zQCx+FQ5?Q+L67SDze`HR{zdo<{Wj|O-4kFudtyKqv{!+D5^HgRxmNZ;`Ak1ptxSUI
zytGz+t$7QnT$nsL3#qSQ5%!-)G+}5w5PGF7Dszd8xl>tl!=5o2@D2I;uXsr@S18`y
znS7JV#0m4j79u~Fx}4JAA2HsHYJZd+yqzic13yGsHpmIHbETNJg!5x5hV)It=9>&^
zyajal6<X}I8H<l2`kO>2wkkTtHT{-w^Wl@+5Qr|AQlOljgoE>e4Zu5pz9etLZQy0S
z+YFgEjT{K4@U~rut_oMvF{>u^+obwhoI`-tmvRJ=m%5UxIdK=3mi2LYwG+&h*-UJf
z(RD&YM7iIiAQ!f@$2;K8cAr2hI(mBQ$icZIK>lp8Bu(X(U8CK!gS1$OwXHu;WJ@)W
zCRhCKXFc=#!T#z?{u(4f=KDQ@CN^$5flUDWw#yZi%NXo25U0h+St>bUBUCe_+J$}d
zm8afTRj#EMV=?{PJwNUDph&@cGzh-=RQ(cKn=@8!Ko78fF-PdXvg`Zx+fz)=S;1ox
zY}kLox$nwwOe1BFVV8du!0kAhgBA#_U;aa1d2v;7kF8wkXxle$5_(dZ;oOg#DLMU#
zbM47hPf1VjUR%50*WWK9Cs*O_0O+|bB4Tp$8MWHEveTi}lij~2^ufD#lgbm#aow??
zW)JrKTg(_6_U<foXG1yn9KrpE$1>*+?T@EAEF-#LkKYr<?<@@#-@3=9+mwmEr)W^;
zkG@0zQY#|VU0$6ok{FFfBXukzJK35MA5hf{*R_l%&Ph4$=hb}d*G?(jwUvoU_vqSU
z^Q4j?zF5xVAF)fzadruFLVQBB9=$pcNJw$<gNdoBobqz5)Cyw~AgyYBIuW+```XB;
z>+n!a_I!iOxIK{7pxn4Knpq;j`OQq8AhgD_nKdynv9PEJ(pB5kWaN{@@@5w)%Gf0u
z<s{Aw1;lDi?p^8N_&1|S^1`m=N}3kfrythOP<B<11%yi<@bg0m^gmXythqfI_}j7(
z0c@vOliVDTp+Eb1c>Ybj`|l`Z^KN|U35(Fd8ec%v#Osb(*oW+k%^M0E9p=-15X9o1
zjctY>T8U45mRt~O9dMDLHD~AjCC~V@hvgL`s{S;^dD73nyPxAu+qJ=TLO@2O2U~c~
zb#q#YV33!1&cN}HkA&0n^eWQeaCz^gP~ijy_HFmV$L^9(MOfJTj3y)I2#;0ldqwWd
zEnvdm>agrAYpr=Qkhiq21?B6T>-bzFI40ghQfqwC#K~<kcB{~Rwjb+~Z(c50>Aw45
z*zUg$DGX>K{&^iscO)`A_7TUPw-v^TV)c|CCuta6)5~V!5DN`1xmEOv`nvJy{0gMP
zzhCrJQkuFU*6vQm>GrKLRlfI~4Yv6G%H)QMLd=J~CeMro!P{!DMyIHH1Il~cpTM=#
z?5c)UG>!z@^#e6DZ`oll^vkntn3h25s>yXSB^cD-L01tz)Nmau!cG85BIDZNZy8Z(
ziJSGc!+y7ywmXuIJ0LqVF7mNINyY6G&0i%MA0wT-&Pb|V(k;;rG#3s>Pq7ub3nFTM
z(VS49{D6Wyx7)v@aalF4!^iw6-Rz5=KnQlj35yKK+LEb-vA#SQm#IT|?0T>HDKyKC
z*DF_V`>-?fCkHh8Ug_`TYG8Ta7>9d|C<?6lmif;|1bq2<b&(r4Zs24E6NjZXI%@Z=
zezLpfS+A&WWla9evl{q`=D_p{_hO)hy{asTay$XD<;H(-VSlub#)>A|{i*G%!{CC1
zJ_(VTf8QUJ>)DTmoinRzeL|z4S@N^~37JW4f-jmW5x?%gO()~r5*x<$?i=j<KJ>9J
zZf}ytdVbS1!^JkjObndOW<~X*dAa|5hnYDnh#?z17vDln!52bKGVb-70$YzURa5>!
ze7UJHpKC6&UD5lZi3P%PVKrN-qtIlHxm*cwcI45E5x>bg%;rH9HaF2OHO*<{o#UgO
z{-J}x>*@Q)*O>j<U)n+Jc@<{)9)>@pYiKIQ&4gQj+5Me}$9{Ruo{UPI72Y=#uJB6Q
z8a%AmmRh{K<^S`SiVLF=0{wR<+&GjkfYp5}XxJ__3)@;zb7(4%r;S=~HI#&o5^sg>
zeDhuCnJ1wNWzdx4U3LsbEf$+L<f%MjSK)1v!H;^MaLcf5DW5j5mJE>MP5v7%o7q@1
z=PhR*JfXn%&crA`Eej-i`3QCI*SUjJ`0v1Lyf}Iy3Zls)-9J0>(5iH?fD2esTZM_O
zTyfUs==Oyp3RSmQH8xlG_-~6GO!hgYJ0<F%MV1JvxuKegofI%r%(qH8Xew29bbu9n
zb17Mn{qgtu<MTSJlF=64shSY0N1jYq_*6~f+I8s4K*keDQz`b-s&vhiafP7h)zw&B
z|3k@Q<Ce!_)JlF{QlmjeQL)SJay0!`WjDqVt~lv4>UY{&&Aq^l%~JtBIv_4Y*m{y!
zGv%t9++A0G5m2Mm>q=?pcv@*2o!uj1O<I1{54)Y)xu&~CEWrWSR(Y~7X!eaOylo9K
z8n1ZuxV}3YY(_1!A~$5{LKV8Da>u2G)#6c|6KlWf=0*I<(go>H&nDAGwt1_Dg%kCV
z(u?apeG%KBQXL}fC)6T)Kcps?y`X=Mblj801GNWw|0V_g7Uh$KI=00fqmLG*zXc>6
zELseoSHwBZGVPDxThUG`8^(-Syzj{(x4BFKQL{5m!j5!5?GGyZbw<AgXOqP|7b9(v
zEN|nt=KCf~J7{OA@ljc8>b2aQr(_ILyS?94`fSjEUt>rv5wtQqv8o*?>XtK@ccv#U
z_Gzx5*|ADUcrFmC*yn^Y0AKhQ8n}HZaMUDPiZeiNBvy1sST&5SwmU!BJlMRJ5UXOH
zQy8=k8W?r8F4QeN5;znY^lClC;Yyc+_sv!f_rr=<s4SOG;g_*-r(e=M{M>QJMN=0G
z1A)KAt>oT7uQ%uFA{H(l6s&&YS#;8Duks~~;0o3?A?1;59ZqegUs5<wU5U>c{HuIm
zo^9)PYa4vJ^g%a?omt)u6CcYQ5XN>2y>lSLBWnlt%8Rh$U|;gcPjWz>??Ecsn4Q>a
z)m38Ft5{cb9lWa9ae#8o+eMtA%3q?7wDuY$zd2{0?##@zwy@^opD}vo{_lN{tIe6c
zM!$>t9nJ8<vmiBNSDcEc4VQ0FKI-0yuy}Q1(r1;jx@Y$5*v@)p{mIqhDALohnt%8E
z=bgD_c`*mf{o=d!SFqRN?lW~FKaPMrRUNm#toL5wKdf;cmPS=PQ>U`-vY56L?SDLD
zvq_qHWbh_E2{Cf<K%MgLWeWYL7pCuzR>*~mb9>bSS2pBzZ3!0_X|kP-0OB9xvPC(f
zg!3MJ24(qpIO|lE+2RDvhcA>UF~@JYc;Vy9UEHXKPJ+W@{0ssmCitq-xz@=O>QZlp
z71{#BYKlDH;l+NfSKczBRxDWzlUEGteQv@&GyJ&)<I+DpI9Ep-vDK=k1hq(am%kxs
zf>avxVjvJi#Nz*@D*c}*y?@RT(;ZG#@&k4fX?Cd)@Ej;>1BEkR0*}_C8&=cAxe=P=
z)nkZbHGWds<e>L;pn1sgP&OtF8l0-ZYPki#FuB*FDp2@*EiM#XVbV-eKNrn@ecEsT
zLL7Xm;M%ilsk0qfe5+0Y=58t3)(K^*BM5`ZpsDS<3XLJHFo0sPrqgtY`pd9Uu?1ba
z`r{6=4b<J%oWn@vqv)(kM8vB0#a%f^rO;(3he%*W?f{LcUG}>?bxlZ2EYgLEiQ%=E
zu&TtD>E+EyDkfLtx8&6uj8CR7Y?ZK@UA5%qTKly5qSWHpDG5wj)OU2J1b6{f^Vtgz
zRc<}gD@Z88f4xi5fz=Ch`9iTb(W;}Yiu4=GZz>33<6e8yNIx8g*pJ@`H!Es4#V1PF
zitst?ENd1Nk~m-Cs5y~J^e~Y%D7&e;CcFj|O>>g<D6%85v-x{cg)gP#S{O>M^7lRq
zv$78J2#|cAD<ELWR3`Qk6}i>SSv}((u&**R6I0Ns2S9G+oq9Z7OaZ;INY3Owr8#4z
zsBJt)%U9?1`!@xxP&*;*AN#$Uu#LH)_!6vPQdK$ll=Nquenkcxu4<*Y9$d@Ovb_6h
zaLTdz#BfErEEhDqTe1C55*lAPri4*qYA*M0sAtX~?X%*&2S4~rw5xwYlcsbk{`}r&
z&^jSqvWH=k0Vn!9y{l{}`c6AT^6PD8ibW!cCja0Q!wR^l#JK|OzN_;q#)LK#NV&fW
zKg9F)RvOrr^l5W)K`P0cW^sC7)X#SkmiK3ronT#a(r}BjOrBQQhkPjXw$Kbg797sT
zAhniUxkfuIWBZTOl2qGGhs8Ghl1_{;1rD!EZXswmeHe^@+xpGyK3Q71*B*}A<pye8
zR^dcI$7Sre3y+7BQxxxJ@BrTJ8*WN?GaP=q<Nx=KXZVEPw_AmHQZz85KLymjak!@#
zjS8sr`Hsc;n{NL6<xyzm(_A<1NezNP9%$eRgsk<bda>*^Jk21|qAD7XXUSxUp~?k{
z(G}@DL*!tm1%ato8V*O@kND~w8t%kUIQ82&6M{fa^u%Q5WBW3Hl&i@KWb2LYBR*j!
zVqE;dVoxRu0OK&%?BTIVMdN}=ot}JfGQw)xJ>hLGlj_lXQ8r%Uc^2_i*(XHM<pVna
z?l~=7tv*6!n<Uz=2CFh+V(4n60~Q87Od5ZqJ;v%R9|?OES~WWQWHHupte#t^6aWJ~
zw(bDM2K^MUt-+nCMajDsYnv*5s#{fTM7}Q(JOuXNG=)y?Ey;lGo5y$`_$aAQ@S0WU
zGztxNz;fDU5-=p%dV_5l=HoAF+ZI|3z+T?3+N&2}y#f~#*2rHMeoE$VXGt=Tn4eO*
z94r<4&;UIcofJIEsC(aJhi9hwLI;z+IHGGKJeO5rV9qa1ar{#}1Oo7}+Oz<B^%g0a
zd%p~|F2-84Re3jr4AcOYQ{(HgQI=hO3mjB3yQ1HCL9_m45&|ThHgUF&m|R=0Gm$UH
z`Q@>sVfN(OjN)af^{-H4pXQNeI?2qTKk|~^CRki0khiW#BCOON^7@qkUiOyn8ToX`
zh%?n?nH>iQL7@cHR+4E<aP|XgzLWV|AhqG+b_HSH%mtVt7uo&hKZ*KPFPmnWu<IKv
z&sD#9>3HJrvOENh#XtZ9&OBz?=ipP2978|&Xw@-RN}(xn-s7<30dBV$w#j04%Bmqx
zdD%l6asxVlk_+Rou&QAx=1g=`^HLbS)@x5kqTwRCcjqwoDdEWgr_k}ajK;`xAS8sw
z5j$D%_S3FN3?B&amk(VvHx6%W@^3UB|0gjP@ichRZ%3x(avx>u<kai-L#99)>G~ST
zXf>I%=q<9`F+Nkjt;g>bIQ*}$X8pR_G9Q|no@!`mtz4cRoOV(L;uVY|Tmlc$D~-x9
zB|yuuE;h#zzkMGm@GyPY`(RkYb!`A7CMMQlQ_UX>GfsjE(zTppN-zS4x4(8zaNq#7
z{{XB^-$4&H?m(lG$0jF<;|ISbmET91`Tph3%PQ3dRx*Fr1n=bJL|}fT@zar3=F_~G
z8*{J&)878b>V5P>Iyc7J>vY$m<zl-TV@L@EDyPwpD&qN{bCHy~<i7oDL^H31vQ9kt
z#%abAZ{14!HTaclvLMsjL`5Z%&!D-<V8Z%D0tB+wcgL3&5eYdz_w^8Lo}D$)(9|rl
zasXNUJ<RcW7~?G+bAtq#an!+H-!xO{*bjmDDF3*Q{MD-n(Bk+`A!2IBr~LUxon;eS
zKrEF>ksaEG-K6JN?)ZY;1|Q#n-<%?;M+O1^2eUW*MnF{FN=PFL9?<&_BDTdvgy4|W
z%zY2bQq9c!rf_F%JT49o<CgNPLasf%B7xA~MRmc@D>6ZY`<$F={7raC^T@X&8Ib-e
zDX(o7N;c`j7+P{F5^Jo)lSA%!z<q3Aj}gD~^K0IhSu_;PPkO^sfby*h)MAOYrSx_+
zmf@G0nv0(zE>mpNnqX1Q8e+vN$C{0EPQAod&85QOQ!m}|{g*oM#l*!|q9qn|j6S6f
zz@C^)#UHt?K41Joiknh8*%hfN@Q}xXDs)FKiszBYC#F7a67fnVH)6xk(y+}k5)S9f
z;|sbaK!aF1`emklMKkqPG5jUH@u2g1=p{{3i_y%JP-pZCKY)2<uM+Sx?gt&b4iq*F
zoaFQAOq5<1XwGzVIkOR;uuyOq4Ih2SJE2~9<6;^R(svd&-OyVu&sbl9lPs~xaCj8N
zeLYwrmN2tBtt6fiK$kaPNcnE!C4%(dzzm%Ue8HfIeRQ(fa|Z{3EWhn1Xh;m|29&o-
z`GO)unW9%}f0?S!M=ci>WGR@Ku=4Qoy5cU+x_(E60KoK2d4?bmooHY#p1$`d-DPFq
zGncKcZSb&-E*rW*u-;J6`)JZ&(x6mx!9S#)<UVJPB?PeZau>02n?Iw8i3#$`{n2N%
zaO+{*OYJGM_!dOqD4}*GDKx0!@&<)&8-hU~+Ugu~bDs<OnXL@+*E<tMx|o!<@8eg`
z{OFrzdoQ&g-9o?zy#HHlpiMhxqU8q{b15Zb9^4XCt66jUM^mlDh!WL0@f5xP9A}?8
zIKeSnA2*9+HOiXG5%aP35x6Alz}`h~5&)Fx)fn+^PY)3Wi=F(wxkho0jy|tul8O$j
zQCt&NB8Yr@W#~-AyAAri$fh=*U#Z=w^3}AFOs^mXs@j^jd~Y-!1Eu4bBg{xZ1LR-k
z<AR99xe_;(@$TTS`!)(nN_zhPH9~mCuKe$c2BBp_thuKBjGYk3ca+|v^QkFmIZ)XM
zbD(AgZ7R!glA?LZ8}UhICe<(|_s)D4-phEvIer4U0_BW;^me4sY9>?4i;|RzO|KuQ
zgt@xl;aBKxiHdjf_bs#QG{+n)cYc|Dp#L$dY*r+S<Ub&n5tv+GUoWtD5Z!BO|H1~=
zRLYCRGBE`&q7_w{Q}(F+!Ez*T2vA_VJ^x1L*LlzdxXl|r1EM71-Ivf&r%hLYqOby{
zC#7V0W@W{-;Jr%0{SbJe|9TE1({6VnCQvJGeiS@Lrcc9=*&Sv(RrBf2uNQw4o5u<=
z7EQorZI#Fme?D6wL<<1!8IV)A_B=hD-U1*%YRYHohM!f5D%x?rnB+=I)~5+gOKP4{
z^ozn4gC&`Mqj#B}pW9gho~jWc8XUjoB8%D~MpZCz3pd2A`&-w$)g|prSpm{u?EJ0=
zo(ua8g)+*{ks@u88Qi%L^+&+@y#9S!rOeu~U%+P;cxGKwSGUr*p7kG&4*1LLNCa@>
zU+_^oG0c$Vi{YP`oV0+!Xx4vZ3wNc9P=i2a+K{?nGauk|#js7w*`IVt*curV6O(!M
zOoGZ2FiMDy+%(|m)e)`lnu}OTJ%wJlW;53kP#x3|8t^Uw)}JHxe?Uhb(I2QwYu@iG
zRZn@;%>(`uL$Wi;+dla|!pQ?*&&ru35t4hS`%=c1lM@LUBd%<@`m*Vnv=DgV<d20e
zcIBx9t)QB3017g8#g%$tCiu}lTECrk@4+E;FM-f9|1Y5>y@SQ-vW*XdZU62rcOzRv
z-NgT^9GQ_Rvtx8XLVf+lK4XlMOlD`DZMIG^>#VFosDnu;9S9`zDFPhK%fq8%W>z8H
z?zxq=p8|djb{Q3RnaDQ5Gc929Cv<{Sd2xPj=e(bJWvlI>O(>)0i-ZZMk={Y`j#0J0
z3~D7H6VJSRun`9Jdaa~%_~iir4a)+GhQ4c`RTBE$2VsnDqVKD9f8dAvzdIvMf@T5L
zA^Yye$ylJb4B6iQipnhfv$6S+ch5c3*j8J-_9#giIF?Wf<d~T<|35>F=*Ir|C+BT@
z(Jp+k>m!-nonfSj>kcsYm2bi+Q~QVJI(4e?irHyR>6QY?z|7wA4FW^czk==S%#ppj
zXyG8nMci@y-n3OL|KdqvEbQ`ZJ=-Av28znxIMmJf3A$!YjlpeB4ZMg^`@!`6lll9G
zF0uLKvj`poyrRAm>4H+(VKtYVt#trflYO^@$HdIM*T?L_C#1|+w|I>^*&C7C;kzLh
zsJ~TNrP)&d5-q}gJqK-{SX_(gpCjbY;wt$J+R797q&|9T($^4X&ZEXP2&+ue$y=>~
z*a|EDzo1mv6}O;|vKv*J!exvwkb1QsB=6!bhu@yHnxDPOT_ZNw&#2h+G&MtcaovzI
zJ#Qc$dP8mwihVEu;3yKPeOw}5037GxzkO`%e`0R`jRe-9gRiNyR#DqERdoiyX*;|Z
M%34b03g)5z3t&Zgy#N3J

diff --git a/src/Security/Authentication/Certificate/src/README.md b/src/Security/Authentication/Certificate/src/README.md
index b5654819e6..a589666e0a 100644
--- a/src/Security/Authentication/Certificate/src/README.md
+++ b/src/Security/Authentication/Certificate/src/README.md
@@ -1,206 +1,5 @@
 # Microsoft.AspNetCore.Authentication.Certificate
- 
+
 This project sort of contains an implementation of [Certificate Authentication](https://tools.ietf.org/html/rfc5246#section-7.4.4) for ASP.NET Core. Certificate authentication happens at the TLS level, long before it ever gets to ASP.NET Core, so, more accurately this is an authentication handler that validates the certificate and then gives you an event where you can resolve that certificate to a ClaimsPrincipal.
 
-You **must** [configure your host](#configuring-your-host-to-require-certificates) for certificate authentication, be it IIS, Kestrel, Azure Web Applications or whatever else you're using.
-
-## Getting started
-
-First acquire an HTTPS certificate, apply it and then [configure your host](#configuring-your-host-to-require-certificates) to require certificates.
-
-In your web application add a reference to the package, then in the `ConfigureServices` method in `startup.cs` call `app.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme).UseCertificateAuthentication(...);` with your options, providing a delegate for `OnValidateCertificate` to validate the client certificate sent with requests and turn that information into an `ClaimsPrincipal`, set it on the `context.Principal` property and call `context.Success()`.
-
-If you change your scheme name in the options for the authentication handler you need to change the scheme name in `AddAuthentication()` to ensure it's used on every request which ends in an endpoint that requires authorization.
-
-If authentication fails this handler will return a `403 (Forbidden)` response rather a `401 (Unauthorized)` as you might expect - this is because the authentication should happen during the initial TLS connection - by the time it reaches the handler it's too late, and there's no way to actually upgrade the connection from an anonymous connection to one with a certificate.
-
-You must also add `app.UseAuthentication();` in the `Configure` method, otherwise nothing will ever get called.
-
-For example:
-
-```c#
-public void ConfigureServices(IServiceCollection services)
-{
-    services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
-            .AddCertificate();
-    // All the other service configuration.
-}
-
-public void Configure(IApplicationBuilder app, IHostingEnvironment env)
-{
-    app.UseAuthentication();
-
-    // All the other app configuration.
-}
-```
-
-In the sample above you can see the default way to add certificate authentication. The handler will construct a user principal using the common certificate properties for you.
-
-## Configuring Certificate Validation
-
-The `CertificateAuthenticationOptions` handler has some built in validations that are the minimum validations you should perform on a certificate. Each of these settings are turned on by default.
-
-### ValidateCertificateChain
-
-This check validates that the issuer for the certificate is trusted by the application host OS. If you are going to accept self-signed certificates you must disable this check.
-
-### ValidateCertificateUse
-
-This check validates that the certificate presented by the client has the Client Authentication extended key use, or no EKUs at all (as the specifications say if no EKU is specified then all EKUs are valid).
-
-### ValidateValidityPeriod
-
-This check validates that the certificate is within its validity period. As the handler runs on every request this ensures that a certificate that was valid when it was presented has not expired during its current session.
-
-### RevocationFlag
-
-A flag which specifies which certificates in the chain are checked for revocation.
-
-Revocation checks are only performed when the certificate is chained to a root certificate.
-
-### RevocationMode
-
-A flag which specifies how revocation checks are performed.
-
-Specifying an on-line check can result in a long delay while the certificate authority is contacted.
-
-Revocation checks are only performed when the certificate is chained to a root certificate.
-
-### Can I configure my application to require a certificate only on certain paths?
-
-Not possible, remember the certificate exchange is done that the start of the HTTPS conversation, it's done by the host, not the application. Kestrel, IIS, Azure Web Apps don't have any configuration for this sort of thing.
-
-## Handler events
-
-The handler has two events, `OnAuthenticationFailed()`, which is called if an exception happens during authentication and allows you to react, and `OnValidateCertificate()` which is called after certificate has been validated, passed validation, abut before the default principal has been created. This allows you to perform your own validation, for example checking if the certificate is one your services knows about, and to construct your own principal. For example:
-
-```c#
-services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
-        .AddCertificate(options =>
-        {
-            options.Events = new CertificateAuthenticationEvents
-            {
-                OnValidateCertificate = context =>
-                {
-                    var claims = new[]
-                    {
-                        new Claim(ClaimTypes.NameIdentifier, context.ClientCertificate.Subject, ClaimValueTypes.String, context.Options.ClaimsIssuer),
-                        new Claim(ClaimTypes.Name, context.ClientCertificate.Subject, ClaimValueTypes.String, context.Options.ClaimsIssuer)
-                    };
-
-                    context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
-                    context.Success();
-
-                    return Task.CompletedTask;
-                }
-            };
-        });
-```
-
-If you find the inbound certificate doesn't meet your extra validation call `context.Fail("failure Reason")` with a failure reason.
-
-For real functionality you will probably want to call a service registered in DI which talks to a database or other type of user store. You can grab your service by using the context passed into your delegates, like so
-
-```c#
-services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
-        .AddCertificate(options =>
-        {
-            options.Events = new CertificateAuthenticationEvents
-            {
-                OnCertificateValidated = context =>
-                {
-                    var validationService =
-                        context.HttpContext.RequestServices.GetService<ICertificateValidationService>();
-
-                    if (validationService.ValidateCertificate(context.ClientCertificate))
-                    {
-                        var claims = new[]
-                        {
-                            new Claim(ClaimTypes.NameIdentifier, context.ClientCertificate.Subject, ClaimValueTypes.String, context.Options.ClaimsIssuer),
-                            new Claim(ClaimTypes.Name, context.ClientCertificate.Subject, ClaimValueTypes.String, context.Options.ClaimsIssuer)
-                        };
-
-                        context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
-                        context.Success();
-                    }
-
-                    return Task.CompletedTask;
-                }
-            };
-        });
-```
-
-Note that conceptually the validation of the certification is an authorization concern, and putting a check on, for example, an issuer or thumbprint in an authorization policy rather 
-than inside OnCertificateValidated() is perfectly acceptable.
-
-## Configuring your host to require certificates
-
-### Kestrel
-
-In program.cs configure `UseKestrel()` as follows.
-
-```c#
-public static IWebHost BuildWebHost(string[] args)
-    => WebHost.CreateDefaultBuilder(args)
-    .UseStartup<Startup>()
-    .ConfigureKestrel(options =>
-    {
-        options.ConfigureHttpsDefaults(opt =>
-        {
-            opt.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
-        });
-    })
-    .Build();
-```
-
-You must set the `ClientCertificateValidation` delegate to `CertificateValidator.DisableChannelValidation` in order to stop Kestrel using the default OS certificate validation routine and, instead, letting the authentication handler perform the validation.
-
-### IIS
-
-In the IIS Manager:
-
-1. Select your Site in the Connections tab.
-2. Double click the SSL Settings in the Features View window.
-3. Check the `Require SSL` Check Box and select the `Require` radio button under Client Certificates.
-
-![Client Certificate Settings in IIS](README-IISConfig.png "Client Certificate Settings in IIS")
-
-### Azure
-
-See the [Azure documentation](https://docs.microsoft.com/azure/app-service/app-service-web-configure-tls-mutual-auth) to configure Azure Web Apps then add the following to your application startup method, `Configure(IApplicationBuilder app)` add the following line before the call to `app.UseAuthentication();`:
-
-```c#
-app.UseCertificateHeaderForwarding();
-```
-
-### Random custom web proxies
-
-If you're using a proxy which isn't IIS or Azure's Web Apps Application Request Routing you will need to configure your proxy to forward the certificate it received in an HTTP header. In your application startup method, `Configure(IApplicationBuilder app)`, add the following line before the call to `app.UseAuthentication();`:
-
-```c#
-app.UseCertificateForwarding();
-```
-
-You will also need to configure the Certificate Forwarding middleware to specify the header name. In your service configuration method, `ConfigureServices(IServiceCollection services)` add the following code to configure the header the forwarding middleware will build a certificate from:
-
-```c#
-services.AddCertificateForwarding(options =>
-{
-    options.CertificateHeader = "YOUR_CUSTOM_HEADER_NAME";
-});
-```
-
-Finally, if your proxy is doing something weird to pass the header on, rather than base 64 encoding it (looking at you nginx (╯°□°）╯︵ ┻━┻) you can override the converter option to be a func that will perform the optional conversion, for example 
-
-```c#
-services.AddCertificateForwarding(options =>
-{
-    options.CertificateHeader = "YOUR_CUSTOM_HEADER_NAME";
-    options.HeaderConverter = (headerValue) => 
-    {
-        var clientCertificate = 
-           /* some weird conversion logic to create an X509Certificate2 */
-        return clientCertificate;
-    }
-});
-```
+For more information, see [Configure certificate authentication in ASP.NET Core](https://docs.microsoft.com/aspnet/core/security/authentication/certauth).